'Block IP addresses at the firewall level if they trigger brute force protection' is checked, and also configured for 5 attempts.
But if HostAccessControl is dropping them before they get this far then it's something that I have to put up with.
I'd rather not dilute HostAccessControl in favour of CPHULK.
I suppose a positive thing about HAC, is that unless your IP is in the small list, your'e not getting in. (end of)
Just a little annoying when I see a few hundred attempts from the same IP though.

Staff Member

A Mod_Security rule wouldn't restrict access to the ports the cpsrvd service listens on (e.g. 2082,2087). You may want to consult with your data center or a qualified system administrator if you need assistance with blocking the attack from the network level or through custom firewall rules.

I was thinking more along the lines of a modesc or CSF rule that would look at the string 'because of tcp_wrappers at cpsrvd.pl line 3564', and then block the offending IP address accordingly.
I did look at regex rules for CSF, but this just baffled me.